SoftFlow: Automated HW-SW Confidentiality Verification for Embedded Processors

Abstract

SoftFlow is a novel Electronic Design Automation (EDA) tool designed to automate the confidentiality verification of sensitive data across the hardware-software boundary in embedded processors. It identifies whether specific software exploits existing data leakage paths within the hardware, a vulnerability often missed by standard functional testing. This capability allows designers to retain performance-critical hardware features that contain leak paths, provided the software is proven not to exploit them, as demonstrated by redesigning OpenSSL cryptographic C programs on a RISC-V architecture.

Report

Key Highlights

  • SoftFlow is an automated Electronic Design Automation (EDA) tool specifically developed for HW-SW confidentiality verification in embedded processors.
  • It addresses a critical security gap, as commercial EDA tools often overlook vulnerabilities that leak sensitive data without causing evident functional changes.
  • The tool determines whether a given piece of software exploits existing leakage paths in the underlying hardware architecture.
  • SoftFlow’s core innovation is allowing the retention of existing hardware leakage paths if they are proven non-exploitable by the running software, which is beneficial for maintaining performance or handling pre-manufactured chips.
  • The feasibility of SoftFlow was demonstrated by identifying and enabling the redesign of vulnerabilities in OpenSSL cryptographic C programs to prevent the leakage of cryptographic keys.

Technical Details

  • Tool Type: EDA tool focused on security verification.
  • Verification Focus: Confidentiality (data flow security) across the hardware-software interface.
  • Target Architecture: Embedded processors, demonstrated successfully using a RISC-V architecture.
  • Methodology: Analyzes the combination of software execution (specifically cryptographic routines) and underlying hardware features to detect potential information leakage paths (e.g., side channels).
  • Mitigation Strategy: Provides analysis necessary for software redesign rather than mandatory hardware removal, allowing for software patches to neutralize hardware vulnerabilities.
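As an added illustration of the question SoftFlow answers (this is not the tool's own code), the Python below taint-tracks a straight-line RISC-V-like trace against an assumed hardware leak path: the temporaries x5..x7 keep their values after return and are readable by the next context. The hardware is the same in both runs; only the software decides whether the key reaches the sink. Addresses, the leak path and both routines are constructed for the example.

```python
# Constructed toy information-flow model of SoftFlow's question: does this software
# exploit a hardware leak path? Not SoftFlow's own code; addresses and leak path assumed.
from dataclasses import dataclass, field

KEY_ADDR, PT_ADDR, OUT_ADDR = 0x1000, 0x1100, 0x2000   # hypothetical memory layout
DEBUG_PORT = 0x3000   # assumed hardware leak path: stores here reach a debug port

@dataclass
class Hardware:
    # assumed leak path: t0..t2 (x5..x7) keep their values after return and are
    # readable by the next context; removing this in hardware would cost performance
    observable_regs: tuple = ("x5", "x6", "x7")
    observable_mem: tuple = (DEBUG_PORT,)

@dataclass
class State:
    reg: dict = field(default_factory=lambda: {f"x{i}": set() for i in range(8)})
    mem: dict = field(default_factory=lambda: {KEY_ADDR: {"key"}})  # the secret source

def verify(program, hw=Hardware()):
    """Taint-track one straight-line trace; return every secret reaching an observable sink."""
    s, leaks = State(), []
    for pc, (op, *a) in enumerate(program):
        if op == "lw":                       # lw rd, addr: taint of the loaded word
            s.reg[a[0]] = set(s.mem.get(a[1], set()))
        elif op == "sw":                     # sw rs, addr: store carries the register taint
            s.mem[a[1]] = set(s.reg[a[0]])
            if a[1] in hw.observable_mem and s.reg[a[0]]:
                leaks.append((pc, f"{sorted(s.reg[a[0]])} stored to {a[1]:#x}"))
        elif op in ("add", "xor"):           # op rd, rs1, rs2: taint of the sources joins
            s.reg[a[0]] = s.reg[a[1]] | s.reg[a[2]]
        elif op == "li":                     # li rd, imm: a constant clears the taint
            s.reg[a[0]] = set()
        s.reg["x0"] = set()                  # x0 is hardwired to zero
    for r in hw.observable_regs:             # what the next context can read at return
        if s.reg[r]:
            leaks.append(("ret", f"{r} still holds {sorted(s.reg[r])}"))
    return leaks

# Same hardware, two versions of a one-time-pad style routine (constructed).
LEAKY = [("lw", "x5", KEY_ADDR), ("lw", "x6", PT_ADDR),
         ("xor", "x7", "x5", "x6"), ("sw", "x7", OUT_ADDR)]
FIXED = LEAKY + [("li", "x5", 0), ("li", "x7", 0)]   # software scrubs the temporaries

if __name__ == "__main__":
    print("leaky:", verify(LEAKY))   # two findings: x5 and x7 hold the key at return
    print("fixed:", verify(FIXED))   # []
```

The fixed variant passes without touching the hardware model, which is the design choice the summary describes: keep the leak path, prove the software does not use it.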

Implications

  • Advancing Design Security: SoftFlow pushes security considerations earlier into the design flow (shift-left security), overcoming limitations of state-of-the-art tools that focus too narrowly on hardware or restrict security property expressiveness.
  • Efficiency in Mitigation: By validating that software does not exploit a leakage path, the tool prevents unnecessary and potentially performance-damaging hardware redesigns, offering a more efficient design optimization process.
  • Impact on RISC-V: As RISC-V adoption grows in embedded and secure computing, tools like SoftFlow are vital for ensuring the confidentiality of high-profile workloads (like OpenSSL), bolstering trust in the customizable architecture for sensitive applications.
  • Legacy Hardware Support: The ability to verify and mitigate leakage via software means SoftFlow can provide protection for devices where the chip is already manufactured (post-silicon, pre-deployment stage).